PROJET AUTOBLOG


Free Software Foundation News

source: Free Software Foundation News

Free Software Foundation statement on the GNU Bash "shellshock" vulnerability

Thursday, September 25, 2014 at 23:35

Bash is the GNU Project's shell; it is part of the suite of software that makes up the GNU operating system. The GNU programs plus the kernel Linux form a commonly used complete free software operating system, called GNU/Linux. The bug, which is being referred to as "shellshock," can allow, in some circumstances, attackers to remotely access and control systems using Bash (and programs that call Bash) as an attack vector, regardless of what kernel they are running. The bug probably affects many GNU/Linux users, along with those using Bash on proprietary operating systems like Apple's OS X and Microsoft Windows. Additional technical details about the issue can be found at CVE-2014-6271 and CVE-2014-7169.

GNU Bash has been widely adopted because it is a free (as in freedom), reliable, and featureful shell. This popularity means the serious bug that was published yesterday is just as widespread. Fortunately, GNU Bash's license, the GNU General Public License version 3, has facilitated a rapid response. It allowed Red Hat to develop and share patches in conjunction with Bash upstream developers' efforts to fix the bug, which anyone can download and apply themselves. Everyone using Bash has the freedom to download, inspect, and modify the code -- unlike with Microsoft, Apple, or other proprietary software.

Software freedom is a precondition for secure computing; it guarantees everyone the ability to examine the code to detect vulnerabilities, and to create new and safe versions if a vulnerability is discovered. Your software freedom does not guarantee bug-free code, and neither does proprietary software: bugs happen no matter how the software is licensed. But when a bug is discovered in free software, everyone has the permission, rights, and source code to expose and fix the problem. That fix can then be immediately freely distributed to everyone who needs it. Thus, these freedoms are crucial for ethical, secure computing.

Proprietary (aka nonfree) software relies on an unjust development model that denies users the basic freedom to control their computers. When software's code is kept hidden, it is vulnerable not only to bugs that go undetected, but to the easier deliberate addition and maintenance of malicious features. Companies can use the obscurity of their code to hide serious problems, and it has been documented that Microsoft provides intelligence agencies with information about security vulnerabilities before fixing them.

Free software cannot guarantee your security, and in certain situations may appear less secure on specific vectors than some proprietary programs. As was widely agreed in the aftermath of the OpenSSL "Heartbleed" bug, the solution is not to trade one security bug for the very deep insecurity inherently created by proprietary software -- the solution is to put energy and resources into auditing and improving free programs.

Development of Bash, and GNU in general, is almost exclusively a volunteer effort, and you can contribute. We are reviewing Bash development, to see if increased funding can help prevent future problems. If you or your organization use Bash and are potentially interested in supporting its development, please contact us.

The patches to fix this issue can be obtained directly at http://ftp.gnu.org/gnu/bash/.

Media Contacts

John Sullivan
Executive Director
Free Software Foundation
+1 (617) 542 5942
campaigns@fsf.org

LibrePlanet is coming March 21-22, 2015, call for proposals now open for annual free software conference

Tuesday, September 16, 2014 at 21:56

LibrePlanet is an annual conference for free software enthusiasts. The conference brings together software developers, policy experts, activists and computer users to learn skills, share accomplishments and face challenges to software freedom. Newcomers are always welcome, and LibrePlanet 2015 will feature programming for all ages and experience levels.

This year, the theme of LibrePlanet is "Free Software Everywhere." The call for sessions seeks talks that touch on the many places and ways that free software is used around the world, as well as ways to make free software ubiquitous. Proposals are encouraged to consider "everywhere" in the broadest sense of the word. LibrePlanet 2015 will take software freedom around the world, to outer space, and consider its role in industry, government, academia, community organizing, and personal computing.

"LibrePlanet is one of the most rewarding things we do all year. This conference brings people from all over the planet who want to make the world a better place with free software," said John Sullivan, executive director of the FSF.

Call for Sessions

"I hope we'll receive session proposals from people with all levels of speaking and technical experience; you don't have to be a coder to speak at LibrePlanet. Free software users, activists, academics, policymakers, developers, and others are all key contributors to the free software movement, and we want to showcase all of these skills at LibrePlanet 2015," said Libby Reinish, a campaigns manager at the FSF.

Call for sessions applications are currently being accepted at https://www.libreplanet.org/2015/call_for_sessions and are due by Sunday, November 2nd, 2014 at 19:59 EST (23:59 UTC).

About LibrePlanet

LibrePlanet is the annual conference of the Free Software Foundation, and is co-produced by the Student Information Processing Board. What was once a small gathering of FSF members has grown into a larger event for anyone with an interest in the values of software freedom. LibrePlanet is always gratis for associate members of the FSF. To sign up for announcements about LibrePlanet 2015, visit https://www.libreplanet.org/2015.

LibrePlanet 2014 was held at MIT from March 22-23, 2014. Over 350 attendees from all over the world came together for conversations, demonstrations, and keynotes centered around the theme of "Free Software, Free Society." You can watch videos from past conferences at http://media.libreplanet.org.

About the Free Software Foundation

The Free Software Foundation, founded in 1985, is dedicated to promoting computer users' right to use, study, copy, modify, and redistribute computer programs. The FSF promotes the development and use of free (as in freedom) software -- particularly the GNU operating system and its GNU/Linux variants -- and free documentation for free software. The FSF also helps to spread awareness of the ethical and political issues of freedom in the use of software, and its Web sites, located at fsf.org and gnu.org, are an important source of information about GNU/Linux. Donations to support the FSF's work can be made at https://donate.fsf.org. Its headquarters are in Boston, MA, USA.

More information about the FSF, as well as important information for journalists and publishers, is at https://www.fsf.org/press.

Media Contacts

Libby Reinish
Campaigns Manager
Free Software Foundation
+1 (617) 542 5942
campaigns@fsf.org

###

ThinkPenguin wireless router now FSF-certified to respect your freedom

Friday, September 12, 2014 at 23:45

The TPE-NWIFIROUTER comes pre-installed with libreCMC, an FSF-endorsed embedded GNU/Linux distribution.

"This is a big step forward for computer user freedom. For the first time, you can purchase a router that ships with only free software preinstalled. This router and OS give us a platform that we can trust and control, and that the community can use to begin building our own, free software based network for communication, file sharing, social networking, and more," said FSF's executive director John Sullivan.

This is the third product by ThinkPenguin to be awarded the use of the RYF certification mark. The first two were the TPE-N150USB Wireless N USB Adapter and the long-range TPE-N150USBL model.

Christopher Waid, ThinkPenguin's founder and CEO, said, "ThinkPenguin, Inc. was founded with the goal of making free software more easily adoptable by the masses. Everyone needs a wireless router in their homes, and so I am very proud that we are able to offer users a router that ships with 100% free software installed and that is backed by a reputable certification process provided by the FSF."

To learn more about the Respects Your Freedom hardware certification, including details on the certification of the TPE-N150USB Wireless N USB adapter, as well as information on the driver and firmware for the device, visit http://www.fsf.org/ryf. Hardware sellers interested in applying for certification can consult http://www.fsf.org/resources/hw/endorsement/criteria.

Subscribers to the FSF's Free Software Supporter newsletter will receive announcements about future Respects Your Freedom products.

About ThinkPenguin, Inc

Started by Christopher Waid, founder and CEO, ThinkPenguin, Inc. is a consumer-driven company with a mission to bring free software to the masses. At the core of the company is a catalog of computers and accessories with broad support for GNU/Linux. The company provides technical support for end-users and works with the community, distributions, and upstream projects to make GNU/Linux all that it can be.

Media Contacts

Joshua Gay
Licensing & Compliance Manager
Free Software Foundation
+1 (617) 542 5942
licensing@fsf.org

Media Inquiries
ThinkPenguin, Inc.
+1 (888) 39 THINK (84465) x703
media@thinkpenguin.com

###

Free Software Foundation statement on the new iPhone, Apple Pay, and Apple Watch

Tuesday, September 9, 2014 at 20:30

Today, Apple announced new iPhone models, a watch, and a payment service. In response, FSF executive director John Sullivan made the following statement:

It is astonishing to see so much of the technology press acting as Apple's marketing arm. What's on display today is widespread complicity in hiding the most newsworthy aspect of the announcement -- Apple's continuing war on individual computer user freedom, and by extension, free speech, free commerce, free association, privacy, and technological innovation.

Every review that does not mention Apple's insistence on using Digital Restrictions Management (DRM) to lock down the devices and applications they sell is doing an extreme disservice to readers, and is a blow to the development of the free digital society we actually need. Any review that discusses technical specs without first exposing the unethical framework that produced those products, is helping usher people down a path that ends in complete digital disempowerment.

Keep a tally of how many reviews you read today mention that Apple threatens anyone who dares attempt installing another operating system like Android on their Apple phone or watch with criminal prosecution under the Digital Millennium Copyright Act (DMCA). Keep a tally of how many reviews mention that Apple devices won't allow you to install any unapproved applications, again threatening you with jail time if you attempt to do so without Apple's blessing. Keep a tally of how many reviews highlight Apple's use of software patents and an army of lawyers to attack those developing a more free computing environment than theirs.

We've seen several examples since the last Apple product announcement of times when smartphones and other computers have been used for political activism and important free speech. We've also seen several examples of times when such expressions have been censored. If we continue allowing Apple this kind of control, censorship and digital "free speech zones" will become the permanent norm.

There is a reason that the inventor of the US's first internally programmable computer shuns Apple devices as antithetical to vital kinds of creativity. But it's not enough to just say "Don't buy their products." The laws Apple and others use to enforce their digital restrictions, giving them a subsidized competitive advantage over products that respect user freedom, must be repealed.

At least the watch did end up having a clasp so you can remove it -- we were worried.

We urge users to investigate ways to support the use of mobile and wearable devices which do not restrict users' essential freedoms. Such projects include Replicant, a free software fork of Android, and F-Droid, an app repository of exclusively free software for Android. People should also let Tim Cook at Apple know how they feel.

FSF and Debian join forces to help free software users find the hardware they need

Monday, September 8, 2014 at 17:40

While other databases list hardware that is technically compatible with GNU/Linux, h-node lists hardware as compatible only if it does not require any proprietary software or firmware. Information about hardware that flunks this test is also included, so users know what to avoid. The database lists individual components, like WiFi and video cards, as well as complete notebook systems.

The compatibility information comes from users testing hardware on systems running only free software. Previously, h-node site guidelines required they be running one of the FSF's endorsed distributions. While the FSF does not include Debian on this list because the Debian project provides a repository of nonfree software, the FSF does acknowledge that Debian's main repository, which by default is the only place packages come from, is completely free.

"Unlike other common GNU/Linux distributions, installing official Debian by default means installing only free software. As long as Debian users do not add additional package repositories, their systems are a reliable source of fully free compatibility information. We're looking forward to working with Debian to help free software users get the hardware they need, and encourage the companies who provide it," said FSF's executive director John Sullivan.

"By collaborating with h-node, Debian for the first time has the opportunity to join efforts with other free software communities on the assembly of a database of hardware that doesn't require anything outside the Debian main archive to work properly," said Lucas Nussbaum, Debian Project Leader. "Debian is confident that the fruits of this collaboration will result in the largest curated database of Debian-compatible hardware, and invites all Debian community members to contribute hardware compatibility information to h-node."

H-node was started by Antonio Gallo, who continues to be the project's lead developer. The FSF now provides infrastructure and support. The software powering the site is also distributed as free software under version 3 of the GNU General Public License.

Users can contribute either by running one of the FSF's endorsed distributions, or Debian with only packages from the default main archive installed. Developers and translators can contribute by working on the site's code. Information for getting involved is at http://h-node.org/help/page/en/Help.

Media Contacts

John Sullivan
Executive Director
Free Software Foundation
+1 (617) 542 5942
campaigns@fsf.org

Lucas Nussbaum
Debian Project Leader
press@debian.org

This post is also available in Spanish.